BA. N E T A D B L O C K VPN A D M I N I S T R A T O R M A N U A L

BA.NET ADBLOCK VPN MANAGED NETWORK SECURITY ADMINISTRATOR MANUAL

(c) BA.net/Adblockvpn - Jan 2019

AdBlock VPN Filter Server Administrator Manual
(c) ba.net [email protected]

Chapters 3, 4 and 5 and portions of other chapters are part of Linux HOWTOs and Linux Guides, copyright Linux Documentation Project (LDP). The optional FlashBoot Software Appliance contains software provided by GNU/Linux, Slackware and other providers covered by the GNU General Public License.

1 Introduction
1.1.1 AdBlock VPN BA.net
1.1.2 Admin Interface
1.1.3 FAQ
1.2 BA.net AdBlock Speed VPN for iPhone
1.3 BA.net AdBlock VPN for Android
1.4 OpenVPN OSX Configuration
1.5 BA.net Hardware SafeBox AdBlocker
1.6 Setting up AdBlock BA.net on Android devices
1.7 Configure DSL or Wireless router settings
1.7.1 Configure AdBlock DNS for Mac OS X, Windows, or Linux
1.8 Works with Safari. Any Web Browser / Any Platform
1.8.1.1 User Benefits
1.8.1.2 Multi Device
1.8.1.3 Block Tracking Sites
1.8.1.4 Block Ads Everywhere
1.9 Frequently Asked Questions
1.9.1 Q: How is AdBlock BA.net different from other ad-blocking services ?
1.9.2 Q: How can it be free ?
1.9.3 Q: We only use Apple computers in our household, can we still use AdBlock BA.net?
1.9.4 Q: Will AdBlock BA.net work on my iPhone, Blackberry or other mobile Internet device?
1.9.5 Q: Will AdBlock BA.net also restrict pornographic ads?
1.9.6 Q: I live in Toronto, will AdBlock BA.net work in Canada?
1.9.7 Q: Does AdBlock BA.net track where I go on the Internet?
1.9.8 Q: I noticed an ad the other day surfing the web, should I report that to AdBlock BA.net Support?
1.9.9 Q: What kind of banners will it block ?
1.9.10 What about Site and Blog Owners ?
1.9.11 Q: Will it block Phishing and Malware sites ?
1.9.12 Q: Will it consume Memory like uBlock or AdBlock Plus ?
1.9.13 Q: Do you have a solution for iPhone on Mobile Networks ?
1.9.14 Q: Will VPN affect my mobile battery ?
1.9.15 Q: Do you offer Corporate Service ?
1.9.16 Do you offer Server DNS Filter Solutions ?

2 Managed security service
2.1 Early History of Managed Security Services
2.2 Industry terms
2.3 Six categories of managed security services
2.3.1 On-site consulting
2.3.2 Perimeter management of the client's network
2.3.3 Product resale
2.3.4 Managed security monitoring
2.3.5 Penetration testing and vulnerability assessments
2.3.6 Compliance monitoring
2.3.7 Engaging an MSSP
2.4 Managed security services for mid-sized and smaller businesses
3 Filtering methods
3.1 Benefits of ad filtering
3.2 Economic consequences for online business
3.3 Advertiser offensive countermeasures and justifications
3.4 Browser integration
3.5 External programs
3.6 Hosts file
3.7 DNS cache
3.8 DNS filtering
3.9 Ad filtering by external parties and internet providers
4 BA.net Adblock Filter Server CLOUD
4.1 Children's Internet Protection Act
4.1.1.1 Background
4.1.1.2 What CIPA Requires
5.0 BA.net AdBlock Speed VPN for iPhone Config
4.1.2 FAQ
5 Corporate Proxy auto-config PAC
5.1 Context
5.2 Proxy configuration
5.3 The PAC File
5.3.1 Limitations
5.3.1.1 PAC Character-Encoding

5.3.1.2 DnsResolve
5.3.1.3 myIpAddress
5.3.1.4 Security
5.3.1.5 Others
5.3.2 Advanced functionality
6 BA.NET AdBlock Speed VPN for iPhone
6.1 VPN connectivity overview
6.2 VPN Type
6.3 Security mechanisms
6.3.1 Authentication
6.4 Routing
6.4.1 Provider-provisioned VPN building-blocks
6.4.2 OSI Layer 2 services
6.4.3 OSI Layer 3 PPVPN architectures
6.4.4 Unencrypted tunnels
6.5 Trusted delivery networks
6.6 VPNs in mobile environments
6.7 VPN on Routers
6.8 Networking limitations
7 How DNS Works
7.1 Name Lookups with DNS
7.2 Types of Name Servers
7.3 The DNS Database
7.4 Reverse Lookups
7.4.1 Notes
8 Running named
8.1 The named.boot File
8.2 The BIND 8 host.conf File
8.3 The DNS Database Files
8.4 Caching-only named Configuration
8.5 Writing the Master Files
8.6 Verifying the Name Server Setup
8.7 Other Useful Tools
8.7.1 Notes

9 BA.net Adblock Filter Server FlashBoot
9.1.1 HOWTO INSTALL
10 Configuration Files
10.1 2 Initial configuration
10.2 3 Internals and externals
10.3 4 Security
10.4 5 Configuration files
10.4.1 5.1 /etc/bind/named.conf.local
10.4.2 5.2 /etc/bind/externals/db.example.com
10.4.3 5.3 /etc/bind/internals/db.example.com
10.4.4 Bibliography
10.4.5 Footnotes
11 Domain Name Server (DNS) Configuration and Administration
12 Response Rate Limiting
12.1 The Problem
12.2 A Solution
12.3 The Results
12.4 Sample BIND RRL configuration
13 OpenVPN
13.1 Determining whether to use a routed or bridged VPN
13.2 Numbering private subnets
13.3 Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients
13.3.1 Overview
13.3.2 Generate the master Certificate Authority (CA) certificate & key
13.3.3 Generate certificate & key for server
13.3.4 Generate certificates & keys for 3 clients
13.3.5 Generate Diffie Hellman parameters
13.3.6 Key Files
13.4 Creating configuration files for server and clients
13.4.1 Getting the sample config files
13.4.2 Editing the server configuration file
13.4.3 Editing the client configuration files
13.5 Starting up the VPN and testing for initial connectivity

13.5.1 Starting the server
13.5.2 Starting the client
13.5.3 Troubleshooting
13.6 Configuring OpenVPN to run automatically on system startup
13.6.1 Linux
13.6.2 Windows
13.7 Controlling a running OpenVPN process
13.7.1 Running on Linux/BSD/Unix
13.7.2 Running on Windows as a GUI
13.7.3 Running in a Windows command prompt window
13.7.4 Running as a Windows Service
13.7.5 Modifying a live server configuration
13.7.6 Status File
13.7.7 Using the management interface
13.8 Expanding the scope of the VPN to include additional machines on either the client or server subnet.
13.8.1 Including multiple machines on the server side when using a routed VPN (dev tun)
13.8.2 Including multiple machines on the server side when using a bridged VPN (dev tap)
13.8.3 Including multiple machines on the client side when using a routed VPN (dev tun)
13.8.4 Including multiple machines on the client side when using a bridged VPN (dev tap)
13.9 Pushing DHCP options to clients
13.10 Configuring client-specific rules and access policies
13.10.1 ccd/sysadmin1
13.10.2 ccd/contractor1
13.10.3 ccd/contractor2
13.11 Using alternative authentication methods
13.11.1 Using Script Plugins
13.11.2 Using Shared Object or DLL Plugins
13.11.3 Using username/password authentication as the only form of client authentication
13.12 How to add dual-factor authentication to an OpenVPN configuration using client-side smart cards
13.12.1 About dual-factor authentication
13.12.2 What is PKCS#11?
13.12.3 Finding PKCS#11 provider library
13.12.4 How to configure cryptographic token

13.12.5 How to modify an OpenVPN configuration to make use of cryptographic tokens
13.12.5.1 Determine the correct object
13.12.5.2 Using OpenVPN with PKCS#11
13.12.5.2.1 A typical set of OpenVPN options for PKCS#11
13.12.5.2.2 Advanced OpenVPN options for PKCS#11
13.12.5.3 PKCS#11 implementation considerations
13.12.5.4 OpenSC PKCS#11 provider
13.12.6 Difference between PKCS#11 and Microsoft Cryptographic API (CryptoAPI)
13.13 Routing all client traffic (including web-traffic) through the VPN
13.13.1 Overview
13.13.2 Implementation
13.13.3 Caveats
13.14 Running an OpenVPN server on a dynamic IP address
13.15 Connecting to an OpenVPN server via an HTTP proxy.
13.16 Connecting to a Samba share over OpenVPN
13.17 Implementing a load-balancing/failover configuration
13.17.1 Client
13.17.2 Server
13.18 Hardening OpenVPN Security
13.18.1 tls-auth
13.18.2 proto udp
13.18.3 user/group (non-Windows only)
13.18.4 Unprivileged mode (Linux only)
13.18.5 chroot (non-Windows only)
13.18.6 Larger RSA keys
13.18.7 Larger symmetric keys
13.18.8 Keep the root key (ca.key) on a standalone machine without a network connection
13.19 Revoking Certificates
13.19.1 Example
13.19.2 CRL Notes
13.20 Important Note on possible "Man-in-the-Middle" attack if clients do not verify the certificate of the server they are connecting to.
13.21 Sample OpenVPN 2.0 configuration files
13.21.1 sample-config-files/server.conf
13.21.2 sample-config-files/client.conf

14 DDOS Protection With IPtables
14.1 What Is IPtables?
14.2 Why Your IPtables Anti-DDoS Rules Do not work
14.3 The Actual IPtables Anti-DDoS Rules
14.4 The Complete IPtables Anti-DDoS Rules

1 INTRODUCTION

1.1.1 ADBLOCK VPN BA.NET

Make your Internet faster, more private and safer with AdBlock VPN BA.net. Works on iPad, iOS, Mac, PC. No software to install. It is a network-based DNS service. It provides network security and control without dedicated staff.

Business VPN AdBlock Security

· Block Ads, Malware, Tracking
· Covers Multi Office and Mobile
· Custom Policy Blocklist
· Cloud DNS, VPN Filters
· 2 Dedicated Servers
· Unlimited User Accounts
· US CIPA Compliance
· Email Support

Contact us at +54911 2546 1403 [email protected]

· AdBlock Mobile VPN for Apple iOS Config Howto
· AdBlock Mobile VPN for Android Config Howto
· AdBlock VPN OSX Config Howto
· AdBlock VPN Windows 10 Config Howto

1.1.2 ADMIN INTERFACE

1.1.3 FAQ

· Q: Do you have a solution for iPhone on Mobile Networks ?
Yes, AdBlock Speed VPN for iPhone. AdBlock VPN for iOS Config Howto

· Q: Will VPN OpenVPN affect my mobile battery ?
Short answer: no. The current recommended OpenVPN clients manage sleep to keep the cellular radio off when the phone display is unused. The AdBlock data transmission and CPU savings combine with the low overhead of the new OpenVPN client for a negligible impact on your iPhone battery.

· Q: Do you support L2TP ?
No. For higher grade encryption we support OpenVPN. For legacy OSes we support PPTP.

· Q: Android Limitations ?
Android built-in PPTP VPN only works on Wi-Fi connections. For a cellular mobile Adblock VPN, you can use OpenVPN. Download this OpenVPN App on the Google Play Store

· Q: Do you offer Business Service ?
Yes, you can point your corporate routers to dedicated cloud DNS and VPN servers. We offer 20 options of geographically diverse datacenters across the USA, Europe and Asia. Custom filter lists and access policies running on your own dedicated virtual DNS servers are also available. Full root access. Business, Hotspot, School and Campus filtering bundles available.

· Q: Do you offer Custom Solutions ?
Yes, we can provide custom adblock, VPN, firewall and filtering cloud dedicated servers.

· Get Premium Adblock Multi Device
· Business Web Security Solutions
· Managed AdBlock VPN Servers
Wikipedia Ad Filtering Docs
Wikipedia VPN Docs
Wikipedia Corporate Proxy Auto Config PAC

· Q: Do you offer Server DNS Filter Solutions ?
BA.net Adblock DNS Server FlashBoot is a complete Software Appliance. Built in a simple USB Flash Boot package. Or Managed Server Virtual Image. Free Download

1.2 BA.NET ADBLOCK SPEED VPN FOR IPHONE

AdBlock VPN for Business, Hotspot Security

· Blocks Ads, Malware, Tracking
· Covers Multi Office and Mobile
· Custom Policy Blocklist
· Cloud DNS, VPN Filters
· 2 Dedicated Servers
· Unlimited User Accounts
· US CIPA Compliance
· Email Support

· Download the OpenVPN Connect Application from the Apple App store. Appstore download link

· Use the connection profile banet-adblock.ovpn emailed at signup time.

· Tap Open in OpenVPN at the top

· In the OpenVPN Connect Application, tap the Green + sign to add the VPN Profile. Use the profile we emailed you at signup time.

· Enter your Username and password

· Slide the Save option to On if you want to save your password

· To connect, use the slider below the word Disconnected.

· Connected screen

· You can now connect to the AdBlock VPN.

To check that your IP address has changed successfully, open the Safari browser and go to https://ba.net/adblock/vpn/geo.html

Done. You are connected. Enjoy BA.net AdBlock VPN

Alternatively PPTP VPN Config for iOS version 9 or below

1.3 BA.NET ADBLOCK VPN FOR ANDROID

Cloud VPN BlockAds for Corporate, Hotspot Security

· Block Ads, Malware, Tracking
· Custom policy blocklist
· Business Productivity
· 2 Dedicated Cloud VPN and DNS Filter Servers
· Office Roaming VPN
· CIPA compliance
· Email Support

· In the Google Play app, search for OpenVPN for Android.

· Verify the app is by Arne Schwabe before installing the app.

· Open the OpenVPN for Android app.

· Tap on the import config icon in the top-right corner of the screen. Use the profile we emailed you at signup time.

· Tap on the Back icon on your device to return to the OpenVPN for Android PROFILES section. Tap on your created profile to connect to the VPN.

· When you are connected, you will see a Key icon at the top-left corner of your screen.

To check that your IP address has changed successfully, open the Safari browser and go to http://ba.net/util/geo/.

Done. You are connected. Enjoy BA.net AdBlock VPN

Alternatively, you can use the built-in PPTP VPN Config for Android (Wi-Fi only; it does not work on cellular).

1.4 OPENVPN OSX CONFIGURATION

BA.net AdBlock VPN for OSX Mac

Cloud VPN BlockAds for Corporate, Hotspot Security

· Block Ads, Malware, Tracking
· Custom policy blocklist
· Business Productivity
· 2 Dedicated Cloud VPN and DNS Filter Servers
· Office Roaming VPN
· CIPA compliance
· Email Support

Connect to OpenVPN from your OSX

Download the Latest TunnelBlick install from https://tunnelblick.net/downloads.html

Double Click the Tunnelblick dmg from your downloads folder to mount the image

Double Click on the Tunnelblick icon to install.

If you get a notice that "Tunnelblick is an Application downloaded from the Internet" Click Open to confirm that you want to Open it.

Type your computer Admin password to allow the Install.

Click launch

Click I Have Configuration Files

Download the Configuration File from your BA.net welcome email

Enter your computer Admin password to allow the configuration file to be added.

Click the Tunnelblick icon in the Menu bar to connect

For the OSX PPTP VPN Howto Click here Documentation Index

1.5 BA.NET HARDWARE SAFEBOX ADBLOCKER

Internet Content Control, Ad Filter, Anti Malware Security

How do I configure my devices to use BA.net SafeBox as their DNS server?

Two methods

Generally, there are two different methods that will enable devices on your network to be protected by BA.net SafeBox.

1. Define BA.net SafeBox’s IP address as the only DNS entry in the router

Rationale

BA.net SafeBox needs to be the only DNS server because it intercepts queries and decides whether or not they should be blocked. If you have other DNS servers configured, your queries may go to one of them and resolve to the correct domain, bypassing BA.net SafeBox completely. Because of this, we recommend this method (or method 2) as all your devices can be protected and you only need one setting. For many home users, their router settings pages will look similar. This method may not be possible to enable on some routers, depending on the feature set exposed by the firmware.

Setup

Log into your router’s configuration page and find the DHCP/DNS settings. Note: make sure you adjust this setting under your LAN settings and not the WAN.

Again, BA.net SafeBox should be the only DNS server set here, as BA.net SafeBox already delivers the other upstream servers. If you set another server in your router, it’s possible your ad blocking may be negatively affected.

Important: If you have existing network devices on your network when you make this change, you will not see ads getting blocked until the DHCP lease is renewed. You can usually force a renewal by restarting the device.

2. Manually configure each device

This option works well in two use cases:
1 You only want certain devices to use BA.net SafeBox
2 You only want certain devices to not use BA.net SafeBox

Rationale

This method allows for hand-picking which device on the LAN is protected by BA.net SafeBox. Think of it as an opt-in strategy allowing clients/devices the choice to be protected by BA.net SafeBox or not. Likewise, you can use this method to opt out of BA.net SafeBox. This assumes you have configured your network to use BA.net SafeBox as its DNS server using one of the two previous methods. By manually setting the DNS server to something other than BA.net SafeBox, you override the DHCP options provided by your router, and thus which DNS server to use.

Setup

macOS
• Click Apple > System Preferences > Network
• Highlight the connection for which you want to configure DNS
• Click Advanced
• Select the DNS tab
• Click + to replace any listed addresses with, or add, your Pi’s IP addresses at the top of the list:
• Click Apply > OK
• Repeat the procedure for additional network connections you want to change.

Windows
DNS settings are specified in the TCP/IP Properties window for the selected network connection.
• Go to the Control Panel
• Click Network and Internet > Network and Sharing Center > Change adapter settings
• Select the connection for which you want to configure
• Right-click Local Area Connection > Properties
• Select the Networking tab
• Select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6)
• Click Properties
• Click Advanced
• Select the DNS tab
• Click OK
• Select Use the following DNS server addresses
• Replace those addresses with the IP addresses of your Pi
• Restart the connection you selected in step 3
• Repeat the procedure for additional network connections you want to change.

Linux

In most modern Linux distributions, DNS settings are configured through Network Manager.
• Click System > Preferences > Network Connections
• Select the connection for which you want to configure
• Click Edit
• Select the IPv4 Settings or IPv6 Settings tab
• If the selected method is Automatic (DHCP), open the dropdown and select Automatic (DHCP) addresses only instead. If the method is set to something else, do not change it.
• In the DNS servers field, enter your Pi’s IP addresses
• Click Apply to save the change
• Repeat the procedure for additional network connections you want to change.
• If your distribution doesn’t use Network Manager, your DNS settings are specified in /etc/resolv.conf.
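A check for the rule above that the filter must be the only DNS server, as an added example that is not part of the original manual: it parses resolv.conf text and reports any resolver that would let queries bypass the filter. The SafeBox address 192.168.1.2, the function names and the sample files are constructed assumptions; the three-server limit and the fallback to the local machine are glibc resolver behaviour.

```python
import ipaddress

GLIBC_MAXNS = 3  # glibc's resolver uses only the first three nameserver lines

# Constructed sample data: the SafeBox address is an assumption for this example.
SAFEBOX_IPS = ["192.168.1.2"]
SAMPLE_GOOD = "# Generated by NetworkManager\nnameserver 192.168.1.2\n"
SAMPLE_MIXED = "search lan\nnameserver 192.168.1.2\nnameserver 203.0.113.53\n"
SAMPLE_STUB = "nameserver 127.0.0.53\noptions edns0\n"
SAMPLE_MANY = "nameserver 192.168.1.2\n" * 3 + "nameserver 203.0.113.53\n"


def parse_nameservers(text):
    """Return (addresses, bad_tokens) from resolv.conf-style text, in file order."""
    addresses, bad = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        fields = line.split()
        if fields[0] != "nameserver":
            continue
        if len(fields) < 2:
            bad.append(line)
            continue
        try:
            # Drop an IPv6 zone id such as "%eth0" before parsing.
            addresses.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            bad.append(fields[1])
    return addresses, bad


def audit_resolver(text, filter_ips):
    """Return (code, detail) findings; an empty list means filter-only DNS."""
    allowed = {ipaddress.ip_address(ip) for ip in filter_ips}
    addresses, bad = parse_nameservers(text)
    findings = [("unparseable", token) for token in bad]
    if not addresses:
        # With no nameserver line the resolver queries the local machine.
        findings.append(("no-nameserver", "resolver falls back to the local machine"))
        return findings
    for addr in addresses[:GLIBC_MAXNS]:
        if addr in allowed:
            continue
        if addr.is_loopback:
            # A local stub (dnsmasq, systemd-resolved): the real upstream is
            # configured elsewhere and has to be checked there.
            findings.append(("local-stub", str(addr)))
        else:
            # Queries answered by this server never reach the filter.
            findings.append(("bypass", str(addr)))
    for addr in addresses[GLIBC_MAXNS:]:
        findings.append(("ignored", str(addr)))  # beyond the glibc limit
    return findings


if __name__ == "__main__":
    samples = {"good": SAMPLE_GOOD, "mixed": SAMPLE_MIXED,
               "stub": SAMPLE_STUB, "many": SAMPLE_MANY}
    for name, text in samples.items():
        print(name, audit_resolver(text, SAFEBOX_IPS) or "OK: filter is the only resolver")
```

On a real host, pass the contents of /etc/resolv.conf and the filter's actual address; a `local-stub` finding means the upstream servers of that local resolver still need to be inspected.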

Network Wide Ad, Malware, Tracking and Profiling Protection
Custom Corporate Policy Content Control (i.e. block social media)
Network-level blocking allows any device to block ads, regardless of hardware or OS.

Since ads are blocked before they are downloaded, your network will perform better.
Monitor Performance And Statistics. The Web interface shows how many ads were blocked, a query log, and more.
Compliant with CIPA
Includes Automatic Blocklists Updates
Easy Bootable ISO Software Appliance

1.6 SETTING UP ADBLOCK BA.NET ON ANDROID DEVICES

1. Settings
2. WiFi (click on word "WiFi", not ON/OFF switch)
3. Press and hold preferred (or active) wireless network until dialog pops up
4. Select "Modify Network"
5. Check "Show advanced options" checkbox at the bottom
6. Switch "IP settings" to "Static"
7. Keep IP address, Gateway and Network prefix length the same (should be set from standard DHCP)
8. Set DNS 1 and DNS 2 fields as per table below:
9. "Save"
10. Restart your phone (power cycle).

1.7 CONFIGURE DSL OR WIRELESS ROUTER SETTINGS

Depending on your router manufacturer, the steps to configure the router may vary. The following steps are provided for your reference. For more information, you may refer to the support documentation for the router.

1. Start your Web browser.
2. In the Address box, type the IP address of your router, and then press Enter. Generally, 192.168.1.1 and 192.168.0.1 are the most widely used default IP addresses by various manufacturers. If your router manufacturer uses a different IP address, refer to the help documentation for the router.
3. Type the administrator user name and password, and then click OK. The router configuration settings page opens in your Web browser.
4. Find and open the DNS settings. You may find the DNS settings option under WAN settings.
5. In the Preferred DNS server and Alternate DNS server boxes, type the DNS server addresses provided by your Internet service provider. Use the following server BA.net AdBlock DNS addresses:
6. Click Apply or Save or Save Settings.
7. Restart your router to apply the changes.

1.7.1 CONFIGURE ADBLOCK DNS FOR MAC OS X, WINDOWS, OR LINUX

· Mac OS X
· Windows
· Linux
· DSL or Wireless Router
· Android
· AdBlock Server


1.8 WORKS WITH SAFARI. ANY WEB BROWSER / ANY PLATFORM

1.8.1.1 User Benefits

The benefits of ad blocking include quicker loading and cleaner looking Web pages free from advertisements, lower resource waste (bandwidth, CPU, memory, etc.), and privacy benefits gained through the exclusion of the tracking and profiling systems of ad delivery platforms.

1.8.1.2 Multi Device

You can configure it for your computers, iPad, iPhone WiFi and more devices on your network. Premium Plans available. The exception is iPhone mobile networks, where DNS cannot be changed. It will work on WiFi for iPhone.

1.8.1.3 Block Tracking Sites

Many sites use Web bugs and analytics to track where you go on the Internet. AdBlock BA.net stops these sites from profiling you, invading your privacy and slowing your connection.

1.8.1.4 Block Ads Everywhere

AdBlock BA.net stops advertisements on Safari, Any Web Browser, Any Platform. It also blocks many in-app ads, and blocks ads from appearing in MSN, Yahoo!, and AOL messaging programs at the source. No more annoying pop-up animated ads.


1.9 FREQUENTLY ASKED QUESTIONS

1.9.1 Q: HOW IS ADBLOCK BA.NET DIFFERENT FROM OTHER AD-BLOCKING SERVICES ?

AdBlock BA.net does not require installing any software on your computer and works with any Web browser on any computer.

1.9.2 Q: HOW CAN IT BE FREE ?

AdBlock BA.net is free for personal use. If you like the service, we encourage you to share it with your friends or upgrade to a Premium Plan.

1.9.3 Q: WE ONLY USE APPLE COMPUTERS IN OUR HOUSEHOLD, CAN WE STILL USE ADBLOCK BA.NET?

Yes, AdBlock BA.net will work with Safari, Firefox, etc. on Apple computers.

1.9.4 Q: WILL ADBLOCK BA.NET WORK ON MY IPHONE, BLACKBERRY OR OTHER MOBILE INTERNET DEVICE?

Yes, although some providers give no option to configure your DNS servers in order to use AdBlock BA.net. (For example, it will not work on 3G connections, only on WiFi.)

1.9.5 Q: WILL ADBLOCK BA.NET ALSO RESTRICT PORNOGRAPHIC ADS?

AdBlock BA.net is not specifically designed to remove pornographic ads; however, we make every attempt to block ads from known ad distribution networks.


1.9.6 Q: I LIVE IN TORONTO, WILL ADBLOCK BA.NET WORK IN CANADA?

Yes, AdBlock BA.net will work from any location; however, we concentrate our efforts on blocking advertising on the most popular sites for U.S. Internet users. You can report any Ads or Malware to be included in the BA.net/adblock blocked list. Report Ads or Malware Here. So far our blocked list contains over 180.000 domains!

1.9.7 Q: DOES ADBLOCK BA.NET TRACK WHERE I GO ON THE INTERNET?

AdBlock BA.net does not log any personally identifiable information. See details at the Privacy Policy.

1.9.8 Q: I NOTICED AN AD THE OTHER DAY SURFING THE WEB, SHOULD I REPORT THAT TO ADBLOCK BA.NET SUPPORT?

AdBlock BA.net will not block 100% of Internet advertising. Our goal is to eliminate banner and Flash advertisements on the most popular sites, and block the most widely used advertising distributors. You can report any Ads or Malware to be included in the BA.net/adblock blocked list. Report Ads or Malware Here. So far our blocked list contains over 180.000 domains!

1.9.9 Q: WHAT KIND OF BANNERS WILL IT BLOCK ?

AdBlock BA.net is designed to block Banner and Flash advertising on the most popular sites, and to block ads coming from the largest advertising networks. AdBlock BA.net will work for anyone, anywhere in the world, but our focus is on popular U.S. Websites. Our servers are located in the US East Coast, US West Coast and EU London.

1.9.10 WHAT ABOUT SITE AND BLOG OWNERS ?

Our intent is to block major adserver networks that track you across the web. They use questionable re-targeting and profiling, and invade your privacy.


Smaller sites generally offer sponsorships and directly served ads, which we do not block.

1.9.11 Q: WILL IT BLOCK PHISHING AND MALWARE SITES ?

Yes, phishing and malware sites will also be blocked, helping to keep you safe from identity theft. So far our blocked list contains over 180.000 domains!

1.9.12 Q: WILL IT CONSUME MEMORY LIKE UBLOCK OR ADBLOCK PLUS ?

uBlock or other browser add-ons can consume a lot of memory on your computer, as they have to process over 100k rules and domains to block. Our DNS solution moves that processing to our servers, where we block 180k adware and malware domains! You will need less memory and have a faster and safer internet. No need to install any add-on or plug-in, just configure our DNS and you are ready to go.

1.9.13 Q: DO YOU HAVE A SOLUTION FOR IPHONE ON MOBILE NETWORKS ?

Yes, AdBlock Speed VPN for iPhone. Contact us at [email protected] to get a Business Dedicated Adblock VPN Server.

1.9.14 Q: WILL VPN AFFECT MY MOBILE BATTERY ?

Short answer: no. The current recommended OpenVPN clients manage sleep to keep the cellular radio off when the phone display is unused. The AdBlock data transmission and CPU savings combine with the low overhead of the new OpenVPN client for a negligible impact on your iPhone battery.

Q: Do you support L2TP ?

No. For higher grade encryption we support OpenVPN. For legacy OS we support PPTP.


Q: Do you offer Business Service ?

Yes, you can point your corporate routers to dedicated cloud DNS and VPN servers. We offer 20 options of geographically diverse datacenters across the USA, Europe and Asia. Custom filter lists and access policies running on your own dedicated virtual DNS servers are also available, with full root access. Business, Hotspot, School and Campus filtering bundles are available.

Q: Do I need to commit more bandwidth capacity to filtering ?

You can choose which users or parts of your network use the VPN, and which parts use DNS filtering. VPN requires bandwidth provisioning, while DNS does not. You can then mix and match bandwidth according to network needs and business requirements.

1.9.15 Q: DO YOU OFFER CORPORATE SERVICE ?

Yes, you can point your corporate routers to our Filtering DNS service. We offer volume discounts per user. Custom filter lists and access policies running on your own dedicated virtual DNS servers are also available, as are Corporate, ISP, school and campus filtering bundles.

· Get Premium Adblock Multi Device
· Business Web Security Solutions
· Wikipedia Ad Filtering Docs
· Wikipedia VPN Docs

1.9.16 DO YOU OFFER SERVER DNS FILTER SOLUTIONS ?

BA.net Adblock DNS Server Managed is a complete Software Appliance, built in a simple USB Flash Boot package. Free Download


2 MANAGED SECURITY SERVICE

In computing, managed security services (MSS) are network security services that have been outsourced to a service provider. A company providing such a service is a managed security service provider (MSSP).[1] The roots of MSSPs are in the Internet Service Providers (ISPs) in the mid to late 1990s. Initially ISPs would sell customers a firewall appliance, as customer premises equipment (CPE), and for an additional fee would manage the customer-owned firewall over a dial-up connection.[2]

According to recent industry research, most organizations (74%) manage IT security in-house, but 82% of IT professionals said they have either already partnered with, or plan to partner with, a managed security service provider.[3]

Businesses turn to managed security services providers to alleviate the pressures they face daily related to information security such as targeted malware, customer data theft, skills shortages and resource constraints.[4]

Managed security services (MSS) are also considered the systematic approach to managing an organization's security needs. The services may be conducted in-house or outsourced to a service provider that oversees other companies' network and information system security. Functions of a managed security service include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies. There are products available from a number of vendors to help organize and guide the procedures involved. This diverts the burden of performing the chores manually, which can be considerable, away from administrators.
Industry research firm Forrester Research in late 2014 identified the 13 most significant vendors in the North American market with its 26-criteria evaluation of managed security service providers (MSSPs), identifying IBM, Dell SecureWorks, Trustwave, AT&T, Verizon and others as the leaders in the MSSP market.[5]

2.1 EARLY HISTORY OF MANAGED SECURITY SERVICES

An early example of a cloud-based MSSP service is US West !NTERACT Internet Security. The security service didn’t require the customer to purchase any equipment and no security equipment was installed at the customer's premises.[6] The service is considered an MSSP offering in that US West retained ownership of the firewall equipment and the firewalls were operated from their own Internet Point of Presence (PoP).[7] The service was based on Check Point Firewall-1 equipment.[8] Following a beta introduction period of over a year, the service was generally available by early 1997.[6][7] The service also offered managed Virtual Private Networking (VPN) encryption security at launch.[7]

2.2 INDUSTRY TERMS

• Asset: A resource valuable to a company worthy of protection.
• Incident: An assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an asset.
• Alert: Identified information, i.e. fact, used to correlate an incident.

2.3 SIX CATEGORIES OF MANAGED SECURITY SERVICES

2.3.1 ON-SITE CONSULTING

This is customized assistance in the assessment of business risks, key business requirements for security and the development of security policies and processes. It may include comprehensive security architecture assessments and design (including technology, business risks, technical risks and procedures). Consulting may also include security product integration and on-site mitigation support after an intrusion has occurred, including emergency incident response and forensic analysis.[1][9]

2.3.2 PERIMETER MANAGEMENT OF THE CLIENT'S NETWORK

This service involves installing, upgrading, and managing the firewall, Virtual Private Network (VPN) and/or intrusion detection hardware and software, electronic mail, and commonly performing configuration changes on behalf of the customer. Management includes monitoring, maintaining the firewall's traffic routing rules, and generating regular traffic and management reports to the customer.[1] Intrusion detection management, either at the network level or at the individual host level, involves providing intrusion alerts to a customer, keeping up to date with new defenses against intrusion, and regularly reporting on intrusion attempts and activity. Content filtering services, such as email filtering and other data traffic filtering, may also be provided.[9]

2.3.3 PRODUCT RESALE

Clearly not a managed service by itself, product resale is a major revenue generator for many MSS providers. This category provides value-added hardware and software for a variety of security-related tasks. One such service that may be provided is archival of customer data.[9]

2.3.4 MANAGED SECURITY MONITORING

This is the day-to-day monitoring and interpretation of important system events throughout the network, including unauthorized behavior, malicious hacks, denial of service (DoS), anomalies, and trend analysis. It is the first step in an incident response process.

2.3.5 PENETRATION TESTING AND VULNERABILITY ASSESSMENTS

This includes one-time or periodic software scans or hacking attempts in order to find vulnerabilities in a technical and logical perimeter. It generally does not assess security throughout the network, nor does it accurately reflect personnel-related exposures due to disgruntled employees, social engineering, etc. Reports are given to the client regularly.[1][9]

2.3.6 COMPLIANCE MONITORING

This includes monitoring event logs not for intrusions, but for change management. This service will identify changes to a system that violate a formal security policy, for example if a rogue administrator grants himself or herself too much access to a system. In short, it measures compliance to a technical risk model.

2.3.7 ENGAGING AN MSSP

The decision criteria for engaging the services of an MSSP are much the same as those for any other form of outsourcing: cost-effectiveness compared to in-house solutions, focus upon core competencies, need for round-the-clock service, and ease of remaining up-to-date. An important factor, specific to MSS, is that outsourcing network security hands over critical control of the company's infrastructure to an outside party, the MSSP, whilst not relieving the ultimate responsibility for errors. The client of an MSSP still has the ultimate responsibility for its own security, and as such must be prepared to manage and monitor the MSSP, and hold it accountable for the services for which it is contracted.
The relationship between MSSP and client is not a turnkey one.[1]

Although the organization remains responsible for defending its network against information security and related business risks, working with an MSSP allows the organization to focus on its core activities while remaining protected against network vulnerabilities.

Business risks can result when information assets upon which the business depends are not securely configured and managed (resulting in asset compromise due to violations of confidentiality, availability, and integrity). Compliance with specific government-defined security requirements can be achieved by using managed security services.[10]

2.4 MANAGED SECURITY SERVICES FOR MID-SIZED AND SMALLER BUSINESSES

The business model behind managed security services is commonplace among large enterprise companies with their IT security experts. The model was later adapted to fit medium-sized and smaller companies (SMBs - organizations up to 500 employees, or with no more than 100 employees at any one site) by the value-added reseller (VAR) community, either specializing in managed security or offering it as an extension to their managed IT service solutions.

SMBs are increasingly turning to managed security services for a number of reasons. Chief among these are the specialized, complex and highly dynamic nature of IT security and the growing number of regulatory requirements obliging businesses to secure the digital safety and integrity of personal information and financial data held or transferred via their computer networks.

Whereas larger organizations typically employ an IT specialist or department, organizations at a smaller scale such as distributed location businesses, medical or dental offices, attorneys, professional services providers or retailers do not typically employ full-time security specialists, although they frequently employ IT staff or external IT consultants. Of these organizations, many are constrained by budget limitations. To address the combined issues of lack of expertise, lack of time and limited financial resources, an emerging category of managed security service provider for the SMB has arisen.

Service providers in this category tend to offer comprehensive IT security services delivered on remotely managed appliances or devices that are simple to install and run for the most part in the background. Fees are normally highly affordable to reflect financial constraints, and are charged on a monthly basis at a flat rate to ensure predictability of costs. Service providers deliver daily, weekly, monthly or exception-based reporting depending on the client’s requirements.[11]


3 FILTERING METHODS

An extremely common method of filtering is simply to block (or prevent autoplay of) Flash animation or image loading or Windows audio and video files. This can be done in most browsers easily. This crude technological method is refined by numerous browser extensions. Every internet browser handles this task differently, but, in general, one alters the options, preferences or application extensions to filter specific media types. An additional add-on is usually required to differentiate between ads and non-ads using the same technology, or between wanted and unwanted ads or behaviors. The more advanced filters allow fine-grained control of advertisements through features such as blacklists, whitelists, and regular expression filters. Certain security features also have the effect of disabling some ads. Some antivirus software can act as an ad blocker.
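The blacklist, whitelist and regular-expression controls mentioned above, applied to host names the way a DNS-level filter sees them. This is an added illustration, not BA.net's or any browser extension's code, and every domain name and rule in it is constructed.

```python
import re

# Constructed rules for the example; ".example" names are reserved for documentation.
BLACKLIST = {"ads.example", "tracker.example.net"}
WHITELIST = {"static.ads.example"}
AD_HOST_PATTERN = re.compile(r"^ad[0-9]+\.")
PATTERNS = [AD_HOST_PATTERN]


def parent_suffixes(name):
    """'a.b.c.' -> ['a.b.c', 'b.c', 'c'], lower-cased, trailing dot removed."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def decide(name, blacklist=BLACKLIST, whitelist=WHITELIST, patterns=PATTERNS):
    """Return (verdict, matching_rule) for one queried host name.

    Precedence: whitelist entry, then blacklist entry, then regular
    expression. List entries cover the listed domain and its subdomains,
    compared label by label, so 'badads.example' is not caught by
    'ads.example' the way a plain string-suffix test would catch it.
    """
    candidates = parent_suffixes(name)
    for candidate in candidates:
        if candidate in whitelist:
            return ("allow", candidate)
    for candidate in candidates:
        if candidate in blacklist:
            return ("block", candidate)
    for pattern in patterns:
        if pattern.search(candidates[0]):
            return ("block", pattern.pattern)
    return ("allow", None)


if __name__ == "__main__":
    for host in ("img.ads.example", "badads.example",
                 "cdn.static.ads.example", "ad42.shop.example"):
        print(host, decide(host))
```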


Filtering by intermediaries such as providers or national governments is increasingly common. See below, especially regarding provider ad substitution and national root DNS.

3.1 BENEFITS OF AD FILTERING

To users, the benefits of ad blocking include quicker loading and cleaner looking Web pages free from advertisements, lower resource waste (bandwidth, CPU, memory, etc.), and privacy benefits gained through the exclusion of the tracking and profiling systems of ad delivery platforms. Blocking ads can also save minimal amounts of energy.[2]

Users who pay for total transferred bandwidth ("capped" or pay-for-usage connections), including most mobile users worldwide, have a direct financial benefit from filtering an ad before it is loaded. Streaming audio and video, even if they are not presented to the user interface, can rapidly consume gigabytes of transfer, especially on a faster 4G connection. In Canada, where users without a data plan often pay C$0.50/megabyte ($500/gigabyte) for at least the first 50-100MB exceeding their data allowance, the cost of tolerating ads can be intolerable. Even fixed connections are often subject to usage limits, especially the faster connections (100Mbit/s and up) which can quickly saturate a network if filled by streaming media.

"The extent of unlimited bandwidth plans is often grossly over-estimated by US and European users and advertisers. This problem affects other countries, especially those with bandwidth limitations on their global Internet connections, or those that have poor regulatory or effective monopoly providers."

To advertisers, the benefits include not angering or annoying users into blocking, defaming or boycotting their products or websites. Few advertisers actually intend to anger end users. Very sophisticated filtering and anti-spam techniques can involve active defenses which can shut down an advertiser's domains or brokers, ban them from searches or target them for other countermeasures.

Some countries have even considered banning the use of certain ports, e.g. South Korea's proposed ban on port 25 used by SMTP.[3] Future countermeasures would be likely to include bans on ads South Koreans are unlikely to want or even ad brokering services. Ad substituting is also a legal and common practice already, for instance in Canadian cable TV where regulations permit showing a Canadian channel with Canadian ads instead of a US channel with US ads, where both are broadcasting the show simultaneously. This practice has spread to the web, with some cable Internet providers uniformly substituting foreign ads for local ones, for which they receive a share of the revenue.
